fix-openssl-no-des.patch
refreshed for 5.74
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add exact CPE name (from NVD database) in CVE_PRODUCT in order to ensure
CVE filtering and not be disturb by futur potential false-positive CVEs.
Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Conditionnal inherit may be missed when PACKAGECONFIG qt5 is activated
after this inherit, eg in .bbappend. see patch [0]
[0]: https://lists.openembedded.org/g/bitbake-devel/message/16815
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Recently, the official nbdkit repo has been changed:
from https://github.com/libguestfs/nbdkit
into https://gitlab.com/nbdkit/nbdkit
Additionally, the newest stable tag version is v1.40.4.
The patch used with version 1.33.11 is also copied
and modified to support the latest changes.
The version 1.33.11 is not removed for reference purposes.
It was tested with one of openbmc images.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
All test cases PASS.
Add openvpn to PTESTS_SLOW because test duration longer than 30s Below is parts of the run log:
[==========] xkey provider tests: Running 3 test(s).
[ RUN ] xkey_provider_test_fetch
[ OK ] xkey_provider_test_fetch
[ RUN ] xkey_provider_test_mgmt_sign_cb
[ OK ] xkey_provider_test_mgmt_sign_cb
[ RUN ] xkey_provider_test_generic_sign_cb
[ OK ] xkey_provider_test_generic_sign_cb
[==========] xkey provider tests: 3 test(s) run.
[ PASSED ] 3 test(s).
PASS: provider_testdriver
The files t_client.sh.in and t_cltsrv.sh were not added because they
require specific environment configuration files. It is recommended that
users configure these based on their environment before testing.
Since the recipe enables iproute2, the condition for t_net.sh based on
HAVE_SITNL is not met, so t_net.sh will not be included in the build.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
buildhistory-diff shows few new files in testdata:
packages/core2-64-oe-linux/unbound/unbound-ptest: FILELIST: added "
/usr/lib/unbound/ptest/tests/testdata/rpz_val_block.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_ttl_reset.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl_prefetch.rpl
/usr/lib/unbound/ptest/tests/testdata/val_negcache_ttl.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_max_global_quota.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/iter_unverified_glue_fallback.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_bogus.rpl
/usr/lib/unbound/ptest/tests/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl
/usr/lib/unbound/ptest/tests/testdata/dns64_prefetch_cache.rpl"
wasn't tested in runtime, I don't use it, I just wanted to get rid of
random build failure from world builds (happens at least since kirkstone
which has 1.15.0).
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The mdio-tools package RDEPENDS on `kernel-module-mdio-netlink` but
this package doesn't exists if the module is built into the kernel.
Use RRECOMMENDS instead as is usually done with kernel modules.
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
includes the CFLAGS used to build the package in
the binary via PACKAGE_CONFIGURE_INVOCATION which then includes the
absolute build path via (eg.) the -ffile-prefix-map flag.
Here we remove using variables like PACKAGE_CONFIGURE_INVOCATION in code
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ENABLE_STTD is a typo, correct option is ENABLE_ZSTD.
This patches the following CMake warning in do_configure:
Manually-specified variables were not used by the project: ENABLE_STTD
After, do_configure does not show the warning.
Github issue: https://github.com/openembedded/meta-openembedded/issues/845
Reported-by: Ludovic Jozeau <ludovic.jozeau@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Ghislain Mangé <ghislain.mange@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
ChangeLog:
https://github.com/sctp/lksctp-tools/blob/v1.0.20/ChangeLog
Drop redundant variables LK_REL, SOLIBVERSION and SOLIBMAJORVERSION in
recipe.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
- Let getaddrinfo(3) select the default IPv4 or IPv6 protocol version
when it is not explicitly specified on the command line
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
fix-openssl-no-des.patch
refreshed for 5.73
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The "status" function called by this script calls "pidof" to get the process id. "pidof" does not expect or operate with a full path.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This prepares for using libconfuse for the 'genimage' recipe which
should reside in meta-oe.
Also libftdi (which is in meta-oe already) optionally requires
libconfuse when PACKAGECONFIG option 'ftdi-eeprom' is enabled.
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This fixes emitting buildpaths into binary and also
fixes the issue where these tools wont exist on
the paths they were found on build machine
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Some of the PACKAGECONFIG can be derived from the DISTRO_FEATURES and
MACHINE_FEATURES.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Our version was copied 2011 and is out of date. The changes in the meantime
affected only comments.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
configure emits its arguments into binaries via PACKAGE_CONFIGURE_INVOCATION
therefore edit the paths from this in generated config.h before it gets into
binaries.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Bugfixes:
===========
* RADIUS dissector's dictionary loading broken in many ways.
* 3.4 -> 3.6.5 ASCII display is broken on CentOS 7.
* Funnel/Lua: Closing child window disconnects buttons of parent.
* Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES.
* vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC.
* TCP Stream Graphs green sliding window line not displayed correctly.
* Wireshark window doesn't fully fit on screen on small resolutions and can't be resized properly on Russian language.
* Wireshark started from command line doesn't set gui.fileopen_remembered_dir correctly on Windows.
* Wireshark expects wrong length for DHCP Relay Agent Information Source Port Suboption.
* SIP P-Access-Network-Info header not correctly decoded.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There was an error with the last modification to the buildpaths warning, which could cause segment error.
fix the following warning about buildpath:
WARNING: fetchmail-6.4.38-r0 do_package_qa: QA Issue: File /usr/bin/fetchmail in package fetchmail contains reference to TMPDIR [buildpaths]
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adapt the compile 'test' phony target from Makefile and deploy as
ptest for unbound.
All test are successful on a trial and took around >9min and <10min.
Duration of ptest execution was 587 seconds on an average.
Signed-off-by: rajmohan r <semc.2042@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The touch command doesn't support file mode setting. Set it with chmod.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
0001-configure.ac-eliminate-build-path-from-openvpn-versi.patch
refreshed for 2.6.11
Changelog:
=============
- Implement server_poll_timeout for socks
- Use snprintf instead of sprintf for get_ssl_library_version
- Add bracket in fingerprint message and do not warn about missing verification
- Replace macos11 with macos14 in github runners
- Only run coverity scan in OpenVPN/OpenVPN repository
- Workaround issue in LibreSSL crashing when enumerating digests/ciphers
- Properly handle null bytes and invalid characters in control messages
- Allow to set ifmode for existing DCO interfaces in FreeBSD
- samples: Update sample configurations
- documentation: make section levels consistent
- phase2_tcp_server: fix Coverity issue 'Dereference after null check'
- script-options.rst: Update ifconfig_* variables
- LZO: do not use lzoutils.h macros
- Remove "experimental" denotation for --fast-io
- Implement Windows CA template match for Crypto-API selector
- misc.c: remove unused code
- interactive.c: Improve access control for gui<->service pipe
- Only schedule_exit() once
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
